CVE-2025-46877: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.22 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2025-46877. The vulnerability was discovered and disclosed to Adobe Systems Incorporated, with the initial CVE record being created on April 30, 2025 (CVE Details).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79) with a CVSS v3.1 base score of 5.4 (Medium). The attack vector is characterized as CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, required low privileges, and user interaction (NVD).

When exploited, this vulnerability allows malicious JavaScript execution in victims' browsers when they access pages containing compromised form fields. The impact is rated as medium severity, affecting both confidentiality and integrity at a low level, while availability remains unaffected (NVD).

Adobe has addressed this vulnerability in versions after 6.5.22. Users are advised to upgrade to the latest version of Adobe Experience Manager to mitigate this security risk (Adobe Advisory).